31 Srp
2021
31 Srp
'21
11:49
Hi,
We have a (hopefully last) follow-up question on the knot-generated
dnssec keys for our domain.
Our policy is is set to algorithm: ECDSAP256SHA256. Upon knot start,
knot generates the key:
knotd[25835]: info: [company.com.] DNSSEC, key, tag
54011, algorithm ECDSAP256SHA256, KSK, public, ready, active+
knotd[25835]: info: [company.com.] DNSSEC, key, tag 49404, algorithm ECDSAP256SHA256,
public, active
knotd[25835]: info: [company.com.] DNSSEC, signing started
Then we query the DS key to be published, the result is:
keymgr company.com ds
company.com. DS 54011 13 2
f0892debae240caa01827becdd3d3cb0ef2512f5691ca525895777571a67e680
company.com. DS 54011 13 4
462211ea3e8d3ea19a2ae803b926af8df851369527879911318f59ff72973a72452e3f29265c339c6a61537a778c43da
Now the question. In most (if not all?) docs we read on the subject, the
DS key looks something like:
knot-dns.cz. 3600 IN DS 54959 13 2
268DE6EB7E0630953B8AF0F0037BF68FD10443BF01B5E17805AF94C2 6921897D
or
dnssec-tools.org. 21600 IN DS 9638 13 2
92551AA25C4ADE8E2882FBF4BEB5B54F9D84379B153848852B68BB3C 793F4B0B
note the spaces at the end of the key string.
Our knot-generated DS key does not have a space in it.
Is something wrong? Do we need to add a space somewhere, or..?
Thanks again in advance for providing insight :-)
MJ